b"Department of Homeland Security\n   Of\xef\xac\x81ce of Inspector General\n               Evaluation of DHS' Security \n\n              Program and Practices For Its \n\n       Intelligence Systems For Fiscal Year 2010 \n\n\n                Unclassified Summary \n\n\n\n\n\nOIG-10-112                                   August 2010\n\x0c                                                                      U.S. Department of\n\n                                                                      Homeland Security\n\n                                                                      Washington, DC 20528\n\n\n\n\n                              Office of Inspector General\n               Evaluation of DHS\xe2\x80\x99 Security Program and Practices for Its\n                     Intelligence Systems for Fiscal Year 2010\n                                    OIG-10-112\n\n\nWe reviewed the Department of Homeland Security\xe2\x80\x99s (DHS) enterprise-wide security\nprogram and practices for its Top Secret/Sensitive Compartmented Information\nintelligence systems. Pursuant to the Federal Information Security Management Act of\n2002 (FISMA), we reviewed the department\xe2\x80\x99s security management, implementation, and\nevaluation of its intelligence activities, including its policies, procedures, and system\nsecurity controls for enterprise-wide intelligence systems. In doing so, we assessed the\ndepartment\xe2\x80\x99s Plan of Action and Milestones, certification and accreditation, privacy, and\nincident reporting processes, as well as its security training and awareness program.\n\nThe department continues to maintain an effective enterprise-wide information security\nmanagement program for its intelligence systems. Overall, DHS has developed\ninformation security procedures and implemented effective security controls on its\nintelligence systems. Nonetheless, management oversight and operational issues remain\nregarding the effectiveness of the program. Concerns with system Certification and\nAccreditation documentation and the implementation of a formal information system\nsecurity training and awareness program for intelligence personnel still exist. Further,\nbecause the Intelligence and Analysis Office is now responsible for the U.S. Coast Guard\nintelligence systems reporting, the office should continue to provide management\noversight to ensure that the U.S. Coast Guard maintains an effective information\ntechnology security program and complies with FISMA and DHS requirements.\nFieldwork was conducted from April through June 2010.\n(OIG-10-112, August 2010, IT)\n\x0cADDITIONAL INFORMATION AND COPIES\n\nTo obtain additional copies of this report, please call the Office of Inspector General (OIG) at (202) 254-4100,\nfax your request to (202) 254-4305, or visit the OIG web site at www.dhs.gov/oig.\n\n\nOIG HOTLINE\n\nTo report alleged fraud, waste, abuse or mismanagement, or any other kind of criminal or noncriminal\nmisconduct relative to department programs or operations:\n\n\xe2\x80\xa2 Call our Hotline at 1-800-323-8603;\n\n\xe2\x80\xa2 Fax the complaint directly to us at (202) 254-4292;\n\n\xe2\x80\xa2 Email us at DHSOIGHOTLINE@dhs.gov; or\n\n\xe2\x80\xa2 Write to us at:\n       DHS Office of Inspector General/MAIL STOP 2600,\n       Attention: Office of Investigations - Hotline,\n       245 Murray Drive, SW, Building 410,\n       Washington, DC 20528.\n\n\nThe OIG seeks to protect the identity of each writer and caller.\n\x0c"